Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 90147e32 authored by Hai Shalom's avatar Hai Shalom
Browse files

[WPA3] Initialize Suite-B ciphers correctly based on the CA cert type 

Initialize Suite-B ciphers correctly based on the CA cert type. Read the
cert type from key store, parse it and get the signature algorithm.
Enforce SHA384, and initialize AllowedSuiteBCiphers based on the
certificate type: RSA or ECSDA.

Bug: 128861164
Test: Verify Suite-B initialized correctly with RSA and ECDSA certs.
Test: Associate to SUITE_B_192 AP.
Test: atest WifiNetworkSuggestionTest
Change-Id: Ia9b8460caa586f695ed7aab3507ddeb4ecb8c3f3
parent 912eb6e9

wifi/java/android/net/wifi/WifiConfiguration.java

+2 −2
Original line number Diff line number Diff line
@@ -413,8 +413,8 @@ public class WifiConfiguration implements Parcelable { 
                allowedKeyManagement.set(WifiConfiguration.KeyMgmt.SUITE_B_192);

                allowedGroupCiphers.set(WifiConfiguration.GroupCipher.GCMP_256);

                allowedGroupManagementCiphers.set(WifiConfiguration.GroupMgmtCipher.BIP_GMAC_256);

                allowedSuiteBCiphers.set(WifiConfiguration.SuiteBCipher.ECDHE_ECDSA);

                allowedSuiteBCiphers.set(WifiConfiguration.SuiteBCipher.ECDHE_RSA);

                // Note: allowedSuiteBCiphers bitset will be set by the service once the

                // certificates are attached to this profile

                requirePMF = true;

                break;

            case SECURITY_TYPE_OWE:

wifi/tests/src/android/net/wifi/WifiNetworkSuggestionTest.java

+2 −4
Original line number Diff line number Diff line
@@ -179,12 +179,10 @@ public class WifiNetworkSuggestionTest { 
                .get(WifiConfiguration.GroupCipher.GCMP_256));

        assertTrue(suggestion.wifiConfiguration.allowedGroupManagementCiphers

                .get(WifiConfiguration.GroupMgmtCipher.BIP_GMAC_256));

        assertTrue(suggestion.wifiConfiguration.allowedSuiteBCiphers

                .get(WifiConfiguration.SuiteBCipher.ECDHE_ECDSA));

        assertTrue(suggestion.wifiConfiguration.allowedSuiteBCiphers

                .get(WifiConfiguration.SuiteBCipher.ECDHE_RSA));

        assertTrue(suggestion.wifiConfiguration.requirePMF);

        assertNull(suggestion.wifiConfiguration.preSharedKey);

        // allowedSuiteBCiphers are set according to the loaded certificate and cannot be tested

        // here.

    }



    /**